Societe Generale Global Solution Centre (SG GSC) acts as a business solutions center for Société Générale, one of the largest European financial groups. We provide high quality professional services in over 35 countries in various business areas - Finance & Accounting, HR, IT and Corporate Operations. Our mission is to be a partner of choice, valued for owning, transforming and innovating with best-in-class talent.

Project Description:

SG GSC is looking for a French-speaking Security Risk Analyst who will be part of the team responsible for the security governance of the French entity ASSU and its international subsidiaries (7 subsidiaries, including 6 English-speaking and 1 French-speaking), whose activity concerns the fields of insurance (property and personal insurance).

RESPONSABILITIES

The mission mainly consists of contributing to:

• Analyze and validate security exceptions requests such as route openings, non-standard software installations, etc
• Accompany the IT teams in the implementation of Group security standards for their new/existing applications/infrastructure
• Monitor the security level of ASSU assets
• Follow-up on audit results of applications, third parties (partners, delegated entities, suppliers, etc.) and physical sites, carried out by another department or by the department itself, relating to the integration of vulnerabilities identified in risk analyses and the monitoring of associated remediation action plans
• Security support for business projects using risk analysis by identifying business issues, security requirements, associated action plans, and assessing intrinsic and residual risks for internal and third-party projects

And to a lesser extent:

• Managing IT operational risks (IT risks) at Société Générale Assurances:

o Maintaining and updating the ASSU referential

o Development and maintenance of dashboards to monitor the progress of initiatives.

What you will do:

• Security files (and intermediate deliverables such as safety classification, expression of project safety needs, residual risk assessment for business managers)
• Security risk analysis and if required, risk acceptance forms
• Reporting elements, dashboards of security and risk indicators
• Managerial presentations (for IT and business) on the projects